International Association for Cryptologic Research

IACR News Central


2012-06-11
14:41 [Event][New] PQCrypto 2013: Post-Quantum Crypto 2013

  From June 4 to June 7
Location: Limoges, France


09:37 [Job][New] Security and Cryptography Researcher, Safemarket Ltd, Thessaloniki, Greece

  Safemarket Ltd., a software development and secure computer services company, seeks one Security or Cryptography specialist to participate in the research project entitled "Secure Automated E-learning tests and Logic Puzzles".

Requirements

  • Ph.D. in Computer Science with specialization in at least one of the following (or related) areas: Networks/Servers, Computer and Network Security, Applied Cryptography, Computer Systems.

  • Excellent knowledge of web/application server customization

  • Strong understanding (server administration) of Linux OS, preferably CentOS or Ubuntu

  • Experience in Database Security and Cryptography Policies

Desired Qualifications

  • Certifications: CISSP, CCSP, RHCE, CCNA, MCSA, Linux + Pro, CEH (Certified Ethical Hacker)

  • MySQL, PHP, Java

  • Cryptography, SSL

  • Clustered environments

  • Web / SQL Load Balancing

  • Fluency in English

  • Game/Application Servers (Glassfish)

  • Apache/Nginx/Tomcat.

  • Proven experience in network/server management and administration

This is a 3-year contract research position (full 36 months) with a salary of about 2100 Euros (gross). The project is co-financed by the European Union and Greece - Operational Program 'Human Resources Development' - NSFR 2007-2013 - European Social Fund.

The successful applicant will lead the security group, with the role of organising/administrating the whole infrastructure required for supporting secure and fair electronic contests.

Contact: Send a cover letter and a detailed CV to: jobs (at) safemarket.gr



2012-06-08
19:24 [PhD][New] Roel Peeters: Security Architecture for Things That Think

  Name: Roel Peeters
Topic: Security Architecture for Things That Think
Category: cryptographic protocols

Description: The observation that people already carry lots of personal devices (e.g., a smart phone, an electronic identity card, an access badge, an electronic car key, a laptop, ... ), serves as starting point for this thesis. Furthermore, with the arrival of smart objects, the number of things that think one carries is expected to grow. Sensors will be built into clothing and attached to the body to monitor our health. It is clear that these devices need to be protected. However, due to the vast amount of devices involved, the traditional approach of protecting each device on its own, results in a usability nightmare.

We investigate how to tap into the potential that arises from cooperation between these devices. This is done by deploying threshold cryptography on personal devices. Threshold cryptography has the benefit of increased overall security, since an adversary can compromise a number (up to the threshold number) of devices without gaining any advantage towards breaking the overall security. Furthermore, the end-user does not need to carry all his personal devices, any subset of size at least the threshold number is sufficient to make use of the threshold security system.

We propose technical solutions to tackle some of the practical issues related to this approach, paving the road for real world implementations. First, we show how one can include devices that do not have the necessary (secure) storage capabilities needed to store shares (e.g., car keys) in our threshold scheme. Second, we investigate how the end-user can add or remove devices from his set of personal devices used in this threshold scheme. Finally, in order to get user acceptance, the (location) privacy of consumers should not be disregarded. Towards this goal we examine how to achieve private and secure device authentication over an open channel. This is done specifically for RFID tags, which are the least powerful devices that can be included in our [...]




2012-06-06
05:16 [PhD][New] U. Rajeswar Rao

  Name: U. Rajeswar Rao


05:16 [PhD][New] Rayanki Balakrishna: Multihop Performance Issues in Wireless Mobile Ad Hoc Networks

  Name: Rayanki Balakrishna
Topic: Multihop Performance Issues in Wireless Mobile Ad Hoc Networks
Category: implementation



05:15 [PhD][New] U.Rajeswar Rao

  Name: U.Rajeswar Rao




2012-06-05
20:52 [Event][Update] SPACE'12: Int. Conference on Security, Privacy and Applied Cryptography Engineering

  Submission: 3 July 2012
Notification: 17 August 2012
From November 2 to November 3
Location: Chennai, India
More Information: http://space.cse.iitm.ac.in/


18:17 [Pub][ePrint] Using Variance to Analyze Visual Cryptography Schemes, by Teng Guo and Feng Liu and ChuanKun Wu and YoungChang Hou

  A visual cryptography scheme (VCS) is a secret sharing method, for which the secret can be decoded by human eyes without needing any cryptography knowledge nor any computation. Variance was first introduced by Hou et al. in 2005 and then thoroughly verified by Liu et al. in 2012 to evaluate the visual quality of size invariant VCS. In this paper, we introduce the idea of using variance as an error-detection measurement, by which we find the security defect of Hou et al.'s multi-pixel encoding method. On the other hand, we find that variance not only affects the visual quality of size invariant VCS, but also affects the visual quality of VCS. Finally, average contrast associated with variance is used as a new criterion to evaluate the visual quality of VCS.



18:17 [Pub][ePrint] Computationally Sound Verification of the NSL Protocol via Computationally Complete Symbolic Attacker, by Gergei Bana and Pedro Adão and Hideki Sakurada

  In this paper we show that the recent technique of computationally complete symbolic attackers proposed by Bana and Comon-Lundh for computationally sound verification is powerful enough to verify actual protocols, such as the Needham-Schroeder-Lowe Protocol. In their model, one does not define explicit Dolev-Yao adversarial capabilities but rather the limitations of the adversarial capabilities. In this paper we present a set of axioms sufficient to show that no symbolic adversary compliant with these axioms can successfully violate secrecy or authentication in case of the NSL protocol. Hence all implementations for which these axioms are sound - namely, implementations using CCA2 encryption, and satisfying a minimal parsing requirement for pairing - exclude the possibility of successful computational attacks.



18:17 [Pub][ePrint] A Do-It-All-Cipher for RFID: Design Requirements (Extended Abstract), by Markku-Juhani O. Saarinen and Daniel Engels

  Recent years have seen significant progress in the development of lightweight symmetric cryptoprimitives. The main concern of the designers of these primitives has been to minimize the number of gate equivalents (GEs) of the hardware implementation. However, there are numerous additional requirements that are present in real-life RFID systems. We give an overview of requirements emerging or already present in the widely deployed EPCGlobal Gen2 and ISO / IEC 18000-63 passive UHF RFID air interface standards. Lightweight stateful authenticated encryption algorithms seem to offer the most complete set of features for this purpose. In this work we give a Gen2-focused "lessons learned" overview of the challenges and related developments in RFID cryptography and propose what we see as appropriate design criteria for a cipher (dubbed "Do-It-All-Cipher" or DIAC) in this application area. We also comment on the applicability of NSA's new SIMON and SPECK proposals for this purpose.



18:17 [Pub][ePrint] Non-uniform cracks in the concrete: the power of free precomputation, by Daniel J. Bernstein and Tanja Lange

  There is a flaw in the standard security definitions used in the literature on provable concrete security. The definitions are frequently conjectured to assign a security level of 2^128 to AES, the NIST P-256 elliptic curve, DSA-3072, RSA-3072, and various higher-level protocols, but they actually assign a far lower security level to each of these primitives and protocols. This flaw undermines security evaluations and comparisons throughout the literature. This paper analyzes the magnitude of the flaw in detail and discusses several strategies for fixing the definitions.